TunnelVision Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Langue

en	44
fr	2

De campagne

us	34
mx	6
gb	4
br	2

Acteurs

TunnelVision	5
Mint Sandstorm	2

Intérêt

Taper

Not Defined	12
Application Server Software	4
Programming Language Software	4
Content Management System	4
Groupware Software	2

Fournisseur

Not Defined	12
Oracle	4
Microsoft	4
Maran	2
Cisco	2

Produit

Oracle GlassFish Open Source Edition	2
Microsoft SharePoint Server	2
PbootCMS	2
Maran PHP Shop	2
Oracle GlassFish Server	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	Calculateur	High	Workaround	0.02016	0.02	CVE-2007-1192
2	SAP NetWeaver MigrationService elévation de privilèges	9.2	9.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00077	0.02	CVE-2021-21481
3	WordPress cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00364	0.02	CVE-2022-21662
4	WordPress WP_Query sql injection	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93536	0.15	CVE-2022-21661
5	Microsoft Windows RDP elévation de privilèges	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2021-1669
6	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.03	CVE-2010-0966
7	SourceCodester Petrol Pump Management Software service_crud.php elévation de privilèges	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.10	CVE-2024-2059
8	Cacti Request Parameter remote_agent.php elévation de privilèges	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96528	0.00	CVE-2022-46169
9	All in One SEO Plugin REST API Endpoint elévation de privilèges	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02407	0.04	CVE-2021-25036
10	YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.13451	0.00	CVE-2021-3120
11	WordPress wp-publications Plugin Archive bibtexbrowser.php directory traversal	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00529	0.03	CVE-2021-38360
12	WP Import Export Plugin class-wpie-general.php wpie_process_file_download elévation de privilèges	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00161	0.00	CVE-2022-0236
13	Cisco Small Business RV345 buffer overflow	9.9	9.7	$5k-$25k	$5k-$25k	High	Official Fix	0.96250	0.05	CVE-2022-20699
14	WordPress Object elévation de privilèges	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.04	CVE-2022-21663
15	Oracle GlassFish Open Source Edition Demo Feature authentification faible	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00187	0.03	CVE-2018-14324
16	Microsoft Exchange Server Privilege Escalation	8.8	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.96537	0.04	CVE-2021-42321
17	F5 BIG-IP TMUI Privilege Escalation	8.8	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00159	0.00	CVE-2021-22988
18	Microsoft SharePoint Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.28292	0.00	CVE-2021-31181
19	Umbraco CMS Installation directory traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00371	0.06	CVE-2020-5811
20	Dnsmasq helper.c create_helper divulgation de l'information	3.7	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00347	0.00	CVE-2019-14834

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	51.89.135.142	ip142.ip-51-89-135.eu	TunnelVision	25/02/2022	verified	Élevé
2	51.89.169.198	ip198.ip-51-89-169.eu	TunnelVision	25/02/2022	verified	Élevé
3	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxxxxxxxxxx	25/02/2022	verified	Élevé
4	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxxxxxxxxxxx	25/02/2022	verified	Élevé
5	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxxxxxx	25/02/2022	verified	Élevé
6	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxxxxxx	25/02/2022	verified	Élevé
7	XXX.XX.XXX.X		Xxxxxxxxxxxx	25/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1		CAPEC-13	CWE-73, CWE-119, CWE-121, CWE-266, CWE-285, CWE-287, CWE-352, CWE-404, CWE-862, CWE-863	Unknown Vulnerability	predictive	Élevé
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Élevé
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/app/service_crud.php	predictive	Élevé
2	File	/cgi-bin/user/Config.cgi	predictive	Élevé
3	File	/etc/sudoers	predictive	Moyen
4	File	/src/helper.c	predictive	Élevé
5	File	xxxxx.xxx/xxxx/xxx/xxxxx/	predictive	Élevé
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
7	File	xxxxxx.xxx	predictive	Moyen
8	File	xxx/xxxxxx.xxx	predictive	Élevé
9	File	xxxxx_xxx.xxx	predictive	Élevé
10	File	xxx	predictive	Faible
11	File	xxxx.xxx	predictive	Moyen
12	File	xxxxxxxxx.xxx	predictive	Élevé
13	File	xxxxxx_xxxxx.xxx	predictive	Élevé
14	File	xxxx.xxx	predictive	Moyen
15	File	xxxxxx/xxxxx.xxx/xxxx/xxxx	predictive	Élevé
16	File	xxxxxxxxx.xxx	predictive	Élevé
17	File	xxxxxx/xxxxx/xxxx_xxx.xxx	predictive	Élevé
18	File	~/xxxxxxxxxxxxx.xxx	predictive	Élevé
19	File	~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxx	predictive	Élevé
20	Argument	xxxxxxxx	predictive	Moyen
21	Argument	xxx	predictive	Faible
22	Argument	xxxx/xxxxxxx	predictive	Moyen
23	Argument	xxxx_xx	predictive	Faible
24	Argument	xxxxxxxx	predictive	Moyen
25	Argument	xxxx	predictive	Faible
26	Argument	xxxxx	predictive	Faible
27	Argument	xxxxxxx	predictive	Faible
28	Argument	x_xxxx	predictive	Faible
29	Argument	xxxxx_xx	predictive	Moyen
30	Argument	xxxxxxxx	predictive	Moyen
31	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	Élevé
32	Input Value	xxxxx	predictive	Faible
33	Input Value	xxxxxxxxx xxxxx	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!